Rule History

SID: 2031074 • Source: et/open

Versions (5)

Version DetailsCurrent

Rev: 1 • Oct 21, 2020, 12:00 PM

Message:

ET MALWARE Win32/Ficker Stealer Activity

Rule:

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Win32/Ficker Stealer Activity"; flow:established,to_client; dsize:41; content:"|00 27 00 00 00 01 00 00 00 15 25 75 73 65 72 70 72 6f 66 69 6c 65 25 5c 44 65 73 6b 74 6f 70 00 00 00 05 2a 2e 74 78 74 05|"; fast_pattern; reference:url,twitter.com/executemalware/status/1318689700882821120; reference:md5,aac706fe42b4a03cac17330bfcd8d9ea; classtype:trojan-activity; sid:2031074; rev:1; metadata:attack_target Client_Endpoint, created_at 2020_10_21, deployment Perimeter, malware_family Win32_Ficker, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_21;)

Created:

Oct 21, 2020, 12:00 PM

Updated:

Oct 21, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Sep 15, 2025, 9:36 PM

Filename:

rules/emerging-malware.rules